NetBSD-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: IP aliasing
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, 18 Jun 2008, DAve wrote:
> Good morning,
>
> I have been told by my Network Administrator that we will be changing IP
> blocks for several key services very soon. I have three new DNS servers
> running NetBSD on the new IP block already. I also have two legacy DNS servers
> (also on NetBSD) that I need to drag along behind me for a few more months.
>
> My new IP block is 65.124.104.X and my old IP block is 65.196.224.X. Is it
> possible to have a single machine answer for both IPs on a single interface?
> The network Gods claim they can route the traffic to me no problem, but I am
> unsure how to configure the alias for the interface.
>
> Old address: 65.196.224.2
> Netmask: 255.255.255.0
> Gateway: 65.196.224.1
>
> New address: 65.124.104.25
> Netmask: 255.255.255.224
> Gateway: 65.124.104.1
>
> Is it even possible to alias the old address with the new gateway?
you can have both ip's on the same interface with:
ifconfig intX inet 65.124.104.25/27
ifconfig intX inet 65.196.224.2/24 alias
As for the default routes:
Depends on what your trying to do - i think you're going to have to talk
to your local network guys - if the machines that are trying to reach the
old ip's are reachable via the new gateway (and the new gateway won't be
confused by packets coming from old ip's coming in on it's new ip
interface[1]). Then just set the default route to the new gatway and be
done with it.
There is no straight forward way on NetBSD to have two default routes, but
if the set of machines that want to talk to the old ip's is known then you
can add routes to just them via the old gateway with:
route add -net oldmachinesnetblock/mask 65.196.224.1
The other way is to use ipf 'fastroute' rule to shift the packets around
manually, something like:
pass out on intX fastroute intX : 65.196.224.1 from 65.196.224.2/24 to any
(You'll need to test that carefully, i may have the syntax wrong. Tcpdump
is your friend, run it from a machine other than the server your testing,
so you can see what going on on the wire, oh, and consider pf as well,
(look for the 'route-to' option)).
[1] I am making assumptions about your network setup here, they may be
wrong.
- --
[http://pointless.net/] [0x2ECA0975]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (NetBSD)
iQEVAwUBSFsDbgCB+Qwuygl1AQIsUgf/WtN+G1QwBhS3cvEH1b3tUPodl55OKhz7
HFkoZPGfkyfVs32i6OJL22BEgvtpAIsTQ2uXPTnem8c1S1JL8HJbQArsmYihv2fu
gG3Hr4mOHfIa8t1SiYU5QxMKxtO46zD37zs0MqAl5uIBSje+sd+gQvGOmDglSQO/
ISXsqFadvgYtPHMJ0czknYen/FC4vbzk3bRs/8aGyvPWyGARVy2wrV6nsjfgM9Oi
fWt4KJFnaW5SFPdxaFdaYbxwep5L6Iqwd5GowgxLdEfgTlHt85OZiQqXuyKoRrRH
B2DrIjsHXsLv3C8e9fUEQc8r4GIJck/5xxhQqJVTp8HCkl+UbZL9rw==
=VMSu
-----END PGP SIGNATURE-----
Home |
Main Index |
Thread Index |
Old Index